Skip to content

Instantly share code, notes, and snippets.

View yasinS's full-sized avatar

yasinS

104 followers · 17 following
View GitHub Profile
@EdOverflow
EdOverflow / github_onplatform.md
Last active August 27, 2020 10:22
My basic workflow when using GitHub for recon purposes.

On-platform GitHub Reconnaissance

Note: Please keep in mind, that all of this does not work if you are not signed in to GitHub.

When searching for issues related to a target I often like to quickly look up their GitHub organization on Google.

So let's say Gratipay says nothing about being open source. A quick Google "Gratipay GitHub" should return Gratipay's org page on GitHub.

Then from there I am going to check what repos actually belong to the org and which are forked. You can do this by selecting the Type: dropdown on the right hand side of the page.

@EdOverflow
EdOverflow / github_bugbountyhunting.md
Last active April 29, 2024 14:36
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@rwestergren
rwestergren / html_test.html
Created December 13, 2016 16:34
HTML Email Filter Test
<a onafterprint="console.log(244599)" onbeforeprint="console.log(309354)" onbeforeunload="console.log(879813)" onerror="console.log(949564)" onhashchange="console.log(575242)" onload="console.log(301053)" onmessage="console.log(976974)" onoffline="console.log(796090)" ononline="console.log(432638)" onpagehide="console.log(504345)" onpageshow="console.log(696619)" onpopstate="console.log(398418)" onresize="console.log(943097)" onstorage="console.log(882233)" onunload="console.log(929443)" onblur="console.log(932104)" onchange="console.log(102339)" oncontextmenu="console.log(761265)" onfocus="console.log(188946)" oninput="console.log(143653)" oninvalid="console.log(304208)" onreset="console.log(318472)" onsearch="console.log(778420)" onselect="console.log(942035)" onsubmit="console.log(603589)" onkeydown="console.log(650647)" onkeypress="console.log(579383)" onkeyup="console.log(821763)" onclick="console.log(284098)" ondblclick="console.log(477370)" ondrag="console.log(439095)" ondragend="console.log(546684)" o
@ejcx
ejcx / top-700k.json
Created February 24, 2016 09:37
Alexa Top 700k Survey
{"":"","HTTP/1.1 200 OK":"","access-control-allow-credentials":"true","access-control-allow-origin":"http://evil.com.ej.cx","cache-control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","content-type":"text/html","date":"wed, 24 feb 2016 01:17:21 gmt","expires":"thu, 19 nov 1981 08:52:00 gmt","pragma":"no-cache","server":"apache/2.2.22 (ubuntu)","set-cookie":"phpsessid=2phdir1nkjt822p5lelc2vtf65; path=/","vary":"accept-encoding","x-hostname":"http://.ej.cx","x-powered-by":"php/5.3.10-1ubuntu3.21"}
{"":"","HTTP/1.1 302 Found":"","access-control-allow-credentials":"true","access-control-allow-methods":"get, head, post, put, patch, delete, options","access-control-allow-origin":"https://wetransfer.com.evil.com","access-control-expose-headers":"","access-control-max-age":"60","cache-control":"no-cache","connection":"keep-alive","content-type":"text/html; charset=utf-8","date":"wed, 24 feb 2016 01:17:55 gmt","location":"https://www.wetransfer.com/","server":"nginx","status":"302 found","vary":"o